Challenge 005
As a cloud engineer you need to grant permissions to an EC2 instance to access an S3 bucket. EC2 instances, by default, do not have permission to access any S3 bucket. To allow an EC2 instance to access an S3 bucket, you need to configure the necessary permissions. You also need to query the S3 buckets from the EC2 instances and manipulate the S3 bucket.
Solution
The solution is implemented through the AWS Console.
Log in to the console and head to the IAM service:
- On the left panel, click Roles
We are going to create a new role for the EC2 instance:
- Click Create Role
- Choose AWS Service
- For the use case, choose EC2
- Click Next
In this step we add permissions policies. You have the option to use the AWS-managed policies or to create a new policy based on your needs.
Since the instructions ask for a policy that is specific to one bucket, we will create a new policy.
Select Create Policy and use the JSON tab. I will specify the actions my instance needs, which are List, Read and Write (s3:ListBucket, s3:GetObject and s3:PutObject), and set the bucket ARN as the resource. Note that the bucket ARN itself covers bucket-level calls such as ListBucket, while the bucket/* ARN covers the objects inside it, so both are listed:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::cloudforcebucketnew",
        "arn:aws:s3:::cloudforcebucketnew/*"
      ]
    }
  ]
}
```
- Click Next
- Review and Create the policy and role
- The new role will be created. The next step would be to attach the role to your EC2 instance
Head over to your EC2 instance
- Select the EC2 instance to which you would like to attach the role
- In the Actions menu, select Security and click Modify IAM role
- Select the role you created by its name
- Click Update IAM role
The IAM role is now attached to the EC2 instance
We can now access S3 through the EC2 instance
Connect to the instance.
You can test it by listing the contents of the bucket (the policy grants s3:ListBucket on this bucket only, so a bare `aws s3 ls` that lists all buckets in the account is not covered by it):
```bash
aws s3 ls s3://cloudforcebucketnew
```
You can also list all objects, including those under sub-directories (prefixes), with:
```bash
aws s3 ls s3://cloudforcebucketnew --recursive
```
And that's how you can create an IAM role for your EC2 instance to access an S3 bucket.